ComboFix 08-02.01.6 - Owner 2008-02-01 19:47:12.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.823 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Shared\
000464B1.dat
C:\Program Files\outlook
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\IA
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\pac.txt
C:\winlogon.exe
C:\x.dat
C:\z.dat
D:\Autorun.inf
C:\WINDOWS\Fonts\'
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.com.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core
((((((((((((((((((((((((( Files Created from 2008-01-02 to 2008-02-02 )))))))))))))))))))))))))))))))
.
2008-02-01 08:29 . 2008-02-01 08:30 125 --a------ C:\ioSpecial.ini
2008-02-01 08:16 . 2008-02-01 08:16 <DIR> d-------- C:\Program Files\Sun
2008-02-01 08:16 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-01 08:06 . 2008-02-01 08:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-01 07:56 . 2008-02-01 07:56 <DIR> d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-01-29 23:17 . 2008-01-29 23:17 <DIR> d-------- C:\Deckard
2008-01-28 14:53 . 2008-02-01 19:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-28 14:39 . 2008-01-29 17:09 2,688 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-28 01:59 . 2008-01-28 01:59 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-28 01:59 . 2008-01-28 01:59 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-01-28 01:59 . 2008-01-28 01:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jane s Hotel
2008-01-28 01:57 . 2008-01-28 01:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-28 01:56 . 2008-01-28 01:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-28 01:18 . 2008-02-01 19:28 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-28 01:18 . 2008-01-28 01:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-28 01:17 . 2008-01-28 02:01 <DIR> d-------- C:\Program Files\iPod
2008-01-27 18:29 . 2008-02-01 08:29 <DIR> d-------- C:\Program Files\Gamenext
2008-01-27 10:44 . 2007-02-28 20:26 97,752 --a------ C:\WINDOWS\system32\drivers\fwcore.sys
2008-01-27 00:11 . 2008-01-27 10:49 <DIR> d-------- C:\Program Files\eAcceleration
2008-01-27 00:11 . 2008-01-28 01:48 <DIR> d-------- C:\Program Files\Common Files\eAcceleration
2008-01-27 00:11 . 2008-01-28 00:35 <DIR> d-------- C:\Program Files\Acceleration Software
2008-01-27 00:11 . 2008-01-27 00:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\eAcceleration
2008-01-27 00:11 . 2008-01-27 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration
2008-01-12 14:56 . 2008-01-12 14:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-09 12:18 . 2008-01-09 12:18 4,416 --a------ C:\WINDOWS\system32\OEMINFO.PNF
2008-01-09 07:41 . 2007-03-29 06:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-01-09 07:41 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-01-07 11:55 . 2008-01-07 11:55 <DIR> d-------- C:\KAV
2008-01-05 13:36 . 2008-01-28 01:55 <DIR> d-------- C:\Program Files\Macrogaming
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-01 14:28 --------- d-----w C:\Program Files\Shockwave.com
2008-02-01 14:16 --------- d-----w C:\Program Files\Java
2008-02-01 06:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-01-28 08:01 --------- d-----w C:\Program Files\QuickTime
2008-01-28 08:01 --------- d-----w C:\Program Files\iTunes
2008-01-28 07:47 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-01-28 00:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-25 05:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-21 04:04 --------- d-----w C:\Program Files\Google
2008-01-06 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-01-01 00:32 --------- d-----w C:\Program Files\MP3 Player Utilities 4.11
2007-12-30 20:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 20:36 --------- d-----w C:\Program Files\Enlight
2007-12-30 00:54 --------- d-----w C:\Program Files\MSN Messenger
2007-12-26 19:50 --------- d-----w C:\Program Files\LimeWire
2007-12-25 07:19 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-24 05:03 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-12-24 02:56 134 ----a-w C:\n.bat
2007-12-22 22:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\Home Sweet Home
2007-12-14 18:54 --------- d-----w C:\Program Files\America Online 8.0
2007-12-11 22:22 --------- d-----w C:\Documents and Settings\Owner\Application Data\Image Zone Express
2007-12-11 22:00 --------- d-----w C:\Program Files\HP
2007-12-10 22:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2007-12-10 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-09 06:30 --------- d-----w C:\Program Files\PokerStars
2007-12-08 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Oberon Games
2007-12-06 18:38 --------- d-----w C:\Program Files\PayPal
2007-12-06 18:37 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2007-11-27 00:14 270 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-07-22 22:00 374 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb6334.dat
2007-07-22 21:43 556 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb8467.dat
2007-07-22 21:43 18,432 ----a-w C:\Documents and Settings\Owner\Application Data\internaldb41.dat
2006-01-10 04:12 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.
<pre>
----a-w 39,792 2007-12-24 05:14:50 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 185,896 2007-12-24 05:14:48 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 54,840 2007-12-24 05:14:47 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 267,048 2007-12-24 05:14:59 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 5,674,352 2007-12-24 05:15:18 C:\Program Files\MSN Messenger\MsnMsgr .Exe
----a-w 286,720 2007-12-24 05:14:50 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-24 14:35:03 C:\Program Files\QuickTime\qttask .exe
----a-w 15,360 2007-12-24 05:15:09 C:\WINDOWS\system32\ctfmon .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 18:12 136904]
"StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-11-26 11:40 149152]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-11-26 11:40 132768]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2007-11-26 11:49 742832]
"StopSignSsFwMon"="C:\Program Files\eAcceleration\Firewall\ssfwmon.dll" [2006-08-09 12:56 136864]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-11-26 11:40 132768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Charter High-Speed Security Suite.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Charter High-Speed Security Suite.lnk
backup=C:\WINDOWS\pss\Charter High-Speed Security Suite.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CICache]
--a------ 2002-09-05 14:21 24576 C:\WINDOWS\CICache.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 13:00 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
--a------ 2004-04-27 14:34 86016 C:\WINDOWS\Dit.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
--------- 2003-12-18 15:37 184320 C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
--------- 2004-09-03 11:14 57344 C:\Program Files\HP DVD\Umbrella\DVDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Startup Wizard]
C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 17:51 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 17:55 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-12 16:57 188416 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-12 16:59 77824 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 14:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 13:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 14:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-10-31 21:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-08-12 17:12 684032 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-08-12 17:13 102400 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
R0 fwcore;Fwcore Filter;C:\WINDOWS\system32\drivers\fwcore.sys [2007-02-28 20:26]
R2 FWService;FWService;C:\Program Files\eAcceleration\Firewall\FWService.exe [2007-02-28 20:26]
S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2007-03-01 14:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{559cda29-8312-11da-895f-0003251703ea}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 02:40:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-02 01:49:04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2006-01-05 23:24:22 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-02-01 23:41:13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9B62B573-BFF6-43CD-AB4C-2C857538FB9C}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 19:53:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background?g
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\eAcceleration\Firewall\FWService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-01 19:58:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-02 01:58:09
.
2008-01-28 05:29:38 --- E O F ---
----- --------- ------ -------- ---------- -------- ----- ------ ------- --------- -----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:11 PM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\eAcceleration\Firewall\FWService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\scanner.exe\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B753C7C5-0942-4b7f-BC27-942B52BDAC66} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll",VerifyStatus
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra 'Tools' menuitem: Block This Page - {24BE56F9-F0B6-4ac7-97F1-8CACEDA9A427} - C:\PROGRA~1\ACCELE~1\StopSign\webcbrowse.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave.com/content/chocol ... 0.0.13.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6869958015
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/downloa ... YAX29b.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://128.101.28.100/activex/AxisCamControl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\eAcceleration\Firewall\FWService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8517 bytes